Been playing with a s*nd*sk trusted flash device - a combined ICC and flash
device operating within an SDIO stack.
Its control plane apparently uses 7816-4 PDUs, over a proprietary transport.
One can access the secure ICC (FIPS 140-2 level 2) and the trusted flash (data
store) functions at over 1Gbps. The data rate is throttled with certain
operations, presumably as the ICC/FIFOs need to catch up given it/they are
doing the encryption/decryption stream handling and associated key
management/refresh.
The form factor can fit in a few billion PCs, today, using $5 (retail)
adaptors, and uses commodity drivers (MSD). It also fits more importantly in
all modern smartphones. Optionally, its security policy when interacting with
the Phone OS as a trusted (offline) filestore can be controlled by the SIM,
which of course has control applets downloaded on the fly by the telco via
MPCOS, GP processes (i.e. turn phone offline data store from private mode to
spy mode, to escrowed mode... covertly or otherwise)
> From: [EMAIL PROTECTED]
> To: [email protected]
> Date: Mon, 23 Apr 2007 01:49:16 -0600
> Subject: [Muscle] Firefox, DoD CAC, and Omnikey Cardman 4000
>
> I've attempted to follow the guides I've found on the web to set up CAC
> access in linux. I know my card reader is (at least somewhat) working.
> I've configured it as follows (I'm running FC6 on x86_64):
>
> openct-0.6.11-svn-r936 (the rpm from fedora didn't work)
> pcsc-lite-1.3.1-7 (also a openct driver package for this)
> coolkey-1.0.1-10
> firefox-1.5.0.10-5 (this might be a FC6-specific version)
>
> After compiling the openct snapshot, I was able to run 'openct-tool
> list' and 'openct-tool atr' and get what seem like normal results.
> Also, with pcscd running, 'pcsc_scan' works like I would expect when I
> insert and remove my CAC.
>
> The instructions I read said to load the libcoolkeypk11.so lib as a
> security device in Firefox, which seems to work. It lists the 'OpenCT
> 00 00' device, but lists status as 'Not Present'.
>
> When I insert the CAC, this is what I get in the log:
>
> Apr 23 01:33:39 buford pcscd: eventhandler.c:419:EHStatusHandlerThread() Card inserted into OpenCT 00 00
> Apr 23 01:33:39 buford pcscd: Card ATR: 3B 7F 11 00 00 00 31 C0 53 CA C4 01 64 52 D9 04 00 82 90 00
>
> Basically, if I try to do anything with the card, the log shows this
> message repeated many times:
>
> Apr 23 01:38:16 buford pcscd: ifdwrapper.c:735:IFDTransmit() Card not transacted: 612
> Apr 23 01:38:16 buford pcscd: winscard.c:1491:SCardTransmit() Card not transacted: 0x80100016
>
> Any attempt to use opensc-tool ultimately results in the following
> (after a bunch of other errors):
>
> card.c:226:sc_connect_card: returning with: Card is invalid or cannot be handled
>
> Am I missing something? I know this reader works out of the box with
> windows for CACs. It seems like all the pieces are there for it to work
> with linux, but for some reason it's not. Any info about working
> configs with this reader and linux (especially x86_64) would be
> appreciated. Also, if this is the wrong list, please point me in the
> right direction, as all of my searching has inevitably end at this
> list.
>
> Thanks,
> Keith
>
> _______________________________________________
> Muscle mailing list
> [email protected]
> http://lists.drizzle.com/mailman/listinfo/muscle
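
The ATR in the quoted pcscd log can be checked for structural validity before looking at drivers. The following is an added example, not part of either message: a small ISO/IEC 7816-3 ATR parser run over that ATR. The names `parse_atr`, `F_TABLE` and `D_TABLE` belong to this example only.

```python
# Added example: ISO/IEC 7816-3 ATR structure parser (no vendor lookup).
# Clock-rate (Fi) and baud-rate (Di) factors selected by the nibbles of TA1.
F_TABLE = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
           9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
D_TABLE = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 8: 12, 9: 20}

# ATR copied from the "Card ATR:" log line quoted above.
CAC_ATR = "3B 7F 11 00 00 00 31 C0 53 CA C4 01 64 52 D9 04 00 82 90 00"

def parse_atr(text):
    atr = bytes.fromhex(text.replace(" ", ""))
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("missing or invalid TS byte")
    info = {"convention": "direct" if atr[0] == 0x3B else "inverse",
            "interface": {}, "protocols": []}
    hist_len, present = atr[1] & 0x0F, atr[1] >> 4  # T0 carries K and Y1
    pos, group = 2, 1
    while present:
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if present & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                info["interface"][f"{name}{group}"] = atr[pos]
                td = atr[pos] if name == "TD" else td
                pos += 1
        if td is None:
            break
        info["protocols"].append(td & 0x0F)       # low nibble of TDi is T
        present, group = td >> 4, group + 1       # high nibble is Y(i+1)
    info["protocols"] = info["protocols"] or [0]  # no TD1 means T=0 only
    hist = atr[pos:pos + hist_len]
    if len(hist) != hist_len:
        raise ValueError("ATR truncated in historical bytes")
    info["historical"] = hist.hex(" ").upper()
    pos += hist_len
    info["tck_ok"] = None                         # TCK is absent for T=0 only
    if any(p != 0 for p in info["protocols"]):
        if pos >= len(atr):
            raise ValueError("TCK required but missing")
        check = 0
        for b in atr[1:pos + 1]:                  # XOR of T0..TCK must be 0
            check ^= b
        info["tck_ok"] = check == 0
        pos += 1
    if pos != len(atr):
        raise ValueError("unexpected trailing bytes")
    ta1 = info["interface"].get("TA1", 0x11)      # 0x11 is the default Fi/Di
    info["F"], info["D"] = F_TABLE.get(ta1 >> 4), D_TABLE.get(ta1 & 0x0F)
    return info

if __name__ == "__main__":
    print(parse_atr(CAC_ATR))
```

The logged ATR parses cleanly as a T=0 card with default timing and 15 historical bytes, so the ATR itself is well formed.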